WebApp Sec mailing list archives

Re: code analysis for c#?
From: Mads Rasmussen <mads () opencs com br>
Date: Fri, 27 Feb 2004 09:05:32 -0300


Thanks Thomas,

As I said before, I found the output of http://ivanz.webpark.cz/codeanalyzer.html better than FxCop, might be slightly limited in functionality though.

Regarding commercial tools, I am currently investigating Sanctum's AppScan, the developer edition, as well as Total .Net Analyzer

http://www.fmsinc.com/dotnet/analyzer/index.asp

That one is really cool, it comes as a plugin for VS and analyzes as you code or after. It shows stuff that FxCop cannot find due to its architecture of looking at the metatags of compiled code, where Total Analyzer looks at the source code directly.

It seems that the trial version is limited though, I expected to find more errors than it came up with, something I still have to confirm if I would choose to buy the tool.

Thanks for the input from all of you btw, let's broaden the knowledge of these tools!

Regards,

Mads

Cassidy, Thomas wrote:
> One of the drawbacks to FxCop is that it will not let you look at code
> inside functions, i.e., you can only apply its rules to globals and
> function declarations.
>
> We are investigating a tool named Code Auditor from SSW (www.ssw.com)
> that allows you to build your code analysis rules using regular
> expressions.
>
> Tom

